lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [day] [month] [year] [list] 
Date:   Wed, 01 Jul 2020 15:53:48 -0700 (PDT)
From:   David Miller <davem@...emloft.net>
To:     jarod@...hat.com
Cc:     linux-kernel@...r.kernel.org, huyn@...lanox.com,
        saeedm@...lanox.com, j.vosburgh@...il.com, vfalico@...il.com,
        andy@...yhouse.net, jeffrey.t.kirsher@...el.com, kuba@...nel.org,
        steffen.klassert@...unet.com, herbert@...dor.apana.org.au,
        netdev@...r.kernel.org, intel-wired-lan@...ts.osuosl.org
Subject: Re: [PATCH net-next] bonding: allow xfrm offload setup
 post-module-load

From: Jarod Wilson <jarod@...hat.com>
Date: Tue, 30 Jun 2020 14:49:41 -0400

> At the moment, bonding xfrm crypto offload can only be set up if the bonding
> module is loaded with active-backup mode already set. We need to be able to
> make this work with bonds set to AB after the bonding driver has already
> been loaded.
> 
> So what's done here is:
> 
> 1) move #define BOND_XFRM_FEATURES to net/bonding.h so it can be used
> by both bond_main.c and bond_options.c
> 2) set BOND_XFRM_FEATURES in bond_dev->hw_features universally, rather than
> only when loading in AB mode
> 3) wire up xfrmdev_ops universally too
> 4) disable BOND_XFRM_FEATURES in bond_dev->features if not AB
> 5) exit early (non-AB case) from bond_ipsec_offload_ok, to prevent a
> performance hit from traversing into the underlying drivers
> 5) toggle BOND_XFRM_FEATURES in bond_dev->wanted_features and call
> netdev_change_features() from bond_option_mode_set()
> 
> In my local testing, I can change bonding modes back and forth on the fly,
> have hardware offload work when I'm in AB, and see no performance penalty
> to non-AB software encryption, despite having xfrm bits all wired up for
> all modes now.
> 
> Fixes: 18cb261afd7b ("bonding: support hardware encryption offload to slaves")
> Reported-by: Huy Nguyen <huyn@...lanox.com>
> Signed-off-by: Jarod Wilson <jarod@...hat.com>

Applied, thanks.

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ